Class EncryptionAtRest

mongodbatlas..EncryptionAtRest Atlas encrypts your data at rest using encrypted storage media. Using keys you manage with AWS KMS, Atlas encrypts your data a second time when it writes it to the MongoDB encrypted storage engine. You can use the following clouds: AWS CMK, AZURE KEY VAULT and GOOGLE KEY VAULT to encrypt the MongoDB master encryption keys.

NOTE: Groups and projects are synonymous terms. You may find groupId in the official documentation.

Example Usage

using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;

class MyStack : Stack
{
public MyStack()
{
    var test = new Mongodbatlas.EncryptionAtRest("test", new Mongodbatlas.EncryptionAtRestArgs
    {
        AwsKms = new Mongodbatlas.Inputs.EncryptionAtRestAwsKmsArgs
        {
            Access_key_id = "AKIAIOSFODNN7EXAMPLE",
            Customer_master_key_id = "030gce02-586d-48d2-a966-05ea954fde0g",
            Enabled = true,
            Region = "US_EAST_1",
            Secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        },
        AzureKeyVault = new Mongodbatlas.Inputs.EncryptionAtRestAzureKeyVaultArgs
        {
            Azure_environment = "AZURE",
            Client_id = "g54f9e2-89e3-40fd-8188-EXAMPLEID",
            Enabled = true,
            Key_identifier = "https://EXAMPLEKeyVault.vault.azure.net/keys/EXAMPLEKey/d891821e3d364e9eb88fbd3d11807b86",
            Key_vault_name = "EXAMPLEKeyVault",
            Resource_group_name = "ExampleRGName",
            Secret = "EXAMPLESECRET",
            Subscription_id = "0ec944e3-g725-44f9-a147-EXAMPLEID",
            Tenant_id = "e8e4b6ba-ff32-4c88-a9af-EXAMPLEID",
        },
        GoogleCloudKms = new Mongodbatlas.Inputs.EncryptionAtRestGoogleCloudKmsArgs
        {
            Enabled = true,
            Key_version_resource_id = "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1",
            Service_account_key = "{\"type\": \"service_account\",\"project_id\": \"my-project-common-0\",\"private_key_id\": \"e120598ea4f88249469fcdd75a9a785c1bb3\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEuwIBA(truncated)SfecnS0mT94D9\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"my-email-kms-0@my-project-common-0.iam.gserviceaccount.com\",\"client_id\": \"10180967717292066\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/my-email-kms-0%40my-project-common-0.iam.gserviceaccount.com\"}",
        },
        ProjectId = "<PROJECT-ID>",
    });
}

}
Inheritance
System.Object
Resource
CustomResource
EncryptionAtRest
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Mongodbatlas
Assembly: Pulumi.Mongodbatlas.dll
Syntax
public class EncryptionAtRest : CustomResource

Constructors

View Source

EncryptionAtRest(String, EncryptionAtRestArgs, CustomResourceOptions)

Create a EncryptionAtRest resource with the given unique name, arguments, and options.

Declaration
public EncryptionAtRest(string name, EncryptionAtRestArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
EncryptionAtRestArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

AwsKms

Specifies AWS KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Declaration
public Output<EncryptionAtRestAwsKms> AwsKms { get; }
Property Value
Type Description
Output<EncryptionAtRestAwsKms>
View Source

AzureKeyVault

Specifies Azure Key Vault configuration details and whether Encryption at Rest is enabled for an Atlas project.

Declaration
public Output<EncryptionAtRestAzureKeyVault> AzureKeyVault { get; }
Property Value
Type Description
Output<EncryptionAtRestAzureKeyVault>
View Source

GoogleCloudKms

Specifies GCP KMS configuration details and whether Encryption at Rest is enabled for an Atlas project.

Declaration
public Output<EncryptionAtRestGoogleCloudKms> GoogleCloudKms { get; }
Property Value
Type Description
Output<EncryptionAtRestGoogleCloudKms>
View Source

ProjectId

The unique identifier for the project.

Declaration
public Output<string> ProjectId { get; }
Property Value
Type Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, EncryptionAtRestState, CustomResourceOptions)

Get an existing EncryptionAtRest resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static EncryptionAtRest Get(string name, Input<string> id, EncryptionAtRestState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
EncryptionAtRestState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
EncryptionAtRest